Dear Peter,
Why nfdump does not store the mask bits? Which expoters sending netflow data
will not strored by nfdump? Would nfdump store CISCO and Juniper routers mask
bit informaiton?
I'm planning to ugrade our CISCO and Juniper routers from netflow V5 to V9,
does nfdump still store the mask bits in V9?
Thanks again!!
Eddie
________________________________
寄件人﹕ Peter Haag <peter.h...@switch.ch>
收件人 Chor Keung Li <ckat...@yahoo.com.hk>
副本(CC) nfdump-discuss@lists.sourceforge.net
傳送日期﹕ 2009 年 8月 4 日 星期二 下午 3:53:59
主題: Re: Re: [Nfdump-discuss] Re: How can display IP prefix
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chor Keung Li wrote:
> Dear Peter,
>
> Thanks for your reply! You mean the current version of nfdump does not store
> the mask bits that the netflow protocol have? But how come I can display the
> prefix report using the command
> nfdump -r nfcapd.200907282355 -o "fmt:%sa %fl %byt %pkt" -a -A srcip4/22?
> where I interested in the source IP with mask bit 22.
You can manually apply any mask you like, but the netmask bits, which some
exporters send in the netflow data are not
stored. Therefore applying the mask automatically according the netbits does
not work.
- Peter
>
> I'm now using nfdump 1.5.8 running in FC9.
>
> If the current version does not support the source/dest prefix or mask bits,
> when will it support?
>
> Thanks for your kindly help!!
>
> Eddie
>
>
>
>
> ________________________________
> 寄件人﹕ Peter Haag <peter.h...@switch.ch>
> 收件人 Chor Keung Li <ckat...@yahoo.com.hk>
> 副本(CC) nfdump-discuss@lists.sourceforge.net
> 傳送日期﹕ 2009 年 8月 4 日 星期二 下午 1:28:12
> 主題: Re: [Nfdump-discuss] Re: How can display IP prefix
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> Chor Keung Li wrote:
>> Dear all,
>>
>> After reading document, I can create reports by prefix or bit-masks using
>> the filter commands, for example, If looking at the src prefix with mask bit
>> 22, the following comamnd line will work.
>> nfdump -r nfcapd.200907282355 -o "fmt:%sa %fl %byt %pkt" -a -A srcip4/22
>>
>> In this case, however, I must input and specify the mask bit to nfdump to
>> work out the report. Just want to know is nfdump capable to gernerate all
>> the source/destination prefix reports without inputting the mask bits, like
>> the source/destination prefix report in flow-tools? It is a bit
>> inconvenience!
>>
>> Looking forward to your reply and thanks in advance!!!
>
> The mask bits are not stored in current version of nfdump - so it does not
> work yet.
>
> - Peter
>
>> Eddie
>>
>>
>> ________________________________
>> 寄件人﹕ Chor Keung Li <ckat...@yahoo.com.hk>
>> 收件人 nfdump-discuss@lists.sourceforge.net
>> 傳送日期﹕ 2009 年 7月 27 日 星期一 下午 4:46:47
>> 主題: How can display IP prefix
>>
>>
>> Hello all,
>>
>> I'm new to nfdump. How can I display the neflow information with source IP
>> prefix and destination IP prefix by using nfdump. I can't see any
>> predefined tags in the customer output format.
>>
>>
>> eg. 192.168.0.10/24
>>
>>
>> Regards,
>>
>> Eddie
>>
>>
>> Yahoo!香港提供網上安全攻略,教你如何防範黑客! 請前往 http://hk.promo.yahoo.com/security/ 了解更多!
>>
>>
>> ------------------------------------------------------------------------
>>
>> ------------------------------------------------------------------------------
>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
>> trial. Simplify your report design, integration and deployment - and focus
>> on
>> what you do best, core application coding. Discover what's new with
>> Crystal Reports now. http://p.sf.net/sfu/bobj-july
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Nfdump-discuss mailing list
>> Nfdump-discuss@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>
> - --
> _______ SWITCH - The Swiss Education and Research Network ______
> Peter Haag, Security Engineer, Member of SWITCH CERT
> PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
> SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
> E-mail: peter.h...@switch.ch Web: http://www.switch.ch/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (Darwin)
>
> iQCVAwUBSnfG6/5AbZRALNr/AQI6KwQAmIsQnIcLDaPWidUH0b8dloqLxwxAS9Pu
> 0J20zuPjoTRcuEvq84oO20C4ldRNNfV0MkVe1T2LGQFdhtFqdGPaA7mlGjwhwlCw
> 4+sF0LMwCH2LnzOtubs84+l0M9a644qFq0Z3XgSykB9VAhKMJF7vM0U2M/CoDTAT
> LyTNTAxrh8A=
> =RDds
> -----END PGP SIGNATURE-----
>
>
>
> Yahoo!香港提供網上安全攻略,教你如何防範黑客! 請前往 http://hk.promo.yahoo.com/security/ 了解更多!
- --
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: peter.h...@switch.ch Web: http://www.switch.ch/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iQCVAwUBSnfpFf5AbZRALNr/AQIpagP9Gn4SP186zJQNpg6z0cjhseiy5V6L5Eox
nwfKAznfa2hiPxSM3zbYXO9nv428d4NPd/OswfMrxdhk5hhEwpcQM2ij5G5LYbVr
eCuN4Kt4fJ6w2JLTjeskFoWMbJzRShsIiFNlHl+B8KsRvEVNR/fk2DAMxwoutzsG
iofQSPk+LzY=
=5vU4
-----END PGP SIGNATURE-----
Yahoo!香港提供網上安全攻略,教你如何防範黑客! 請前往 http://hk.promo.yahoo.com/security/ 了解更多!------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
